ietf-mxcomp

Re: plan for april 5th xmpp conference...

2004-03-26 17:54:12

On Fri, Mar 26, 2004 at 06:18:49PM -0600, Gordon Fecyk wrote:

    
by "identity", we refer to:
    
    2821 HELO/EHLO domain
    2821 MAIL FROM
    2822 From:
    2822 Sender:

Folks have argued that the network address is another identity that needs
considering.

I argue that the network address is but a means to verify one of the
identities Marshall's pointed out above.

Another possibility is considering the combination of 2821 MAIL FROM 
_and_ the originating IP together as an identity.

This approach lends itself well to approaches that don't require a
priori authorization of certain IPs for certain domain names: by
considering both together as a single identity, decisions on
accept/reject/treat as suspect can then be made based on an evaluation
of content (RFC2822 headers + DATA).  Scores assigned based on this
evaluation can be associated with the identity and tracked.  Subsequent
mail from the same identity can be acted upon based on this tracked
score.

In such a scheme, the basis for accepting/rejecting mail from an
identity is behavior coupled with source.  It's assumed that legitimate
sources would be associated with good behavior, and illegitimate sources
with bad behavior.  This type of approach relies more obviously on a
secondary filtering mechanism, though I believe all approaches being
discussed rely on secondary filtering to a greater or lesser extent.




-- 
Mark C. Langston                                    Sr. Unix SysAdmin
mark(_at_)bitshift(_dot_)org                                       
mark(_at_)seti(_dot_)org
Systems & Network Admin                                SETI Institute
http://bitshift.org                               http://www.seti.org
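
The scheme described in the message above, sketched as an added example that is not part of the original post: the 2821 MAIL FROM and the originating IP are tracked together as one identity, and content scores accumulated for that identity drive the accept/reject/suspect decision on later mail. The thresholds, decay factor, score range and all names are assumptions, and the content score is assumed to come from a separate content filter.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Assumed policy values (not from the message). Content scores lie in [-1, 1],
# negative meaning spam-like, and come from a separate content filter.
REJECT_BELOW, ACCEPT_ABOVE = -0.5, 0.5
MIN_OBSERVATIONS = 3  # never accept or reject on fewer tracked messages
DECAY = 0.8           # weight given to history over the newest message

@dataclass
class Reputation:
    score: float = 0.0
    seen: int = 0

def identity(mail_from, client_ip):
    """Combine the 2821 MAIL FROM and the originating IP into one key."""
    addr = mail_from.strip().strip("<>")
    local, at, domain = addr.rpartition("@")
    # Domains are case-insensitive; "<>" is the null sender used by bounces.
    sender = f"{local}@{domain.lower()}" if at else (addr or "<>")
    return sender, str(ipaddress.ip_address(client_ip))  # canonical IP text

class ReputationTracker:
    def __init__(self):
        self._table = defaultdict(Reputation)

    def decide(self, mail_from, client_ip):
        """Verdict from tracked history alone, before content is evaluated."""
        rep = self._table.get(identity(mail_from, client_ip))
        if rep is None or rep.seen < MIN_OBSERVATIONS:
            return "suspect"  # unknown identity: content filtering decides
        if rep.score <= REJECT_BELOW:
            return "reject"
        return "accept" if rep.score >= ACCEPT_ABOVE else "suspect"

    def record(self, mail_from, client_ip, content_score):
        """Fold one content evaluation into the identity's running score."""
        rep = self._table[identity(mail_from, client_ip)]
        blended = DECAY * rep.score + (1 - DECAY) * content_score
        rep.score = blended if rep.seen else content_score
        rep.seen += 1
        return rep.score

if __name__ == "__main__":
    tracker = ReputationTracker()
    # Constructed sample: same envelope sender seen from two documentation IPs.
    for ip, score in [("192.0.2.10", -0.9)] * 3 + [("198.51.100.7", 0.8)] * 3:
        tracker.record("bob@example.org", ip, score)
    print(tracker.decide("<bob@Example.ORG>", "192.0.2.10"))    # reject
    print(tracker.decide("<bob@example.org>", "198.51.100.7"))  # accept
```

Because the key is the pair, the same envelope sender arriving from a different IP starts with no history and is treated as suspect until its own content has been scored.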